<html>
<head><meta charset="utf-8"><title>when is aliasing not aliasing? · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html">when is aliasing not aliasing?</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="247490946"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247490946" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bstrie <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247490946">(Jul 28 2021 at 17:36)</a>:</h4>
<p>Per the docs for <code>UnsafeCell</code> (<a href="https://doc.rust-lang.org/std/cell/struct.UnsafeCell.html#examples">https://doc.rust-lang.org/std/cell/struct.UnsafeCell.html#examples</a>) the following example should be safe:</p>
<div class="codehilite" data-code-language="Rust"><pre><span></span><code><span class="kd">let</span><span class="w"> </span><span class="n">x</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">UnsafeCell</span>::<span class="n">from</span><span class="p">(</span><span class="mi">42</span><span class="p">);</span><span class="w"></span>
<span class="kd">let</span><span class="w"> </span><span class="p">(</span><span class="n">p1</span><span class="p">,</span><span class="w"> </span><span class="n">p2</span><span class="p">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="o">&amp;</span><span class="n">x</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">x</span><span class="p">);</span><span class="w"></span>

<span class="k">unsafe</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="kd">let</span><span class="w"> </span><span class="n">p3</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;</span><span class="k">mut</span><span class="w"> </span><span class="o">*</span><span class="n">p1</span><span class="p">.</span><span class="n">get</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="o">*</span><span class="n">p3</span><span class="w"> </span><span class="o">+=</span><span class="w"> </span><span class="mi">27</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>

<span class="k">unsafe</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="kd">let</span><span class="w"> </span><span class="n">p4</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;*</span><span class="n">p1</span><span class="p">.</span><span class="n">get</span><span class="p">();</span><span class="w"> </span><span class="kd">let</span><span class="w"> </span><span class="n">p5</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="o">&amp;*</span><span class="n">p2</span><span class="p">.</span><span class="n">get</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="fm">assert_eq!</span><span class="p">(</span><span class="o">*</span><span class="n">p4</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="n">p5</span><span class="p">);</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>with the idea being that even though <code>p1</code> and <code>p2</code> immutably reference the <em>container</em>, <code>p3</code> holds the sole reference to the <em>contents</em>, so this is safe. But all these pointers are literally pointing to the same address, which you can confirm by printing <code>{:p}</code>. So is this allowed because <code>p1</code> has a different type than <code>p3</code>? But wouldn't that be TBAA, which Rust doesn't have? And isn't that incompatible with LLVM's noalias, which doesn't understand Rust types?</p>



<a name="247491556"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247491556" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247491556">(Jul 28 2021 at 17:41)</a>:</h4>
<blockquote>
<p>But all these pointers are literally pointing to the same address</p>
</blockquote>
<p>They do, however, have different <a href="https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#pointer-provenance">provenance</a></p>



<a name="247492319"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247492319" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bstrie <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247492319">(Jul 28 2021 at 17:47)</a>:</h4>
<p>okay, so that's what I'm missing, I thought provenance only mattered when casting from ints or raw ptrs :P</p>



<a name="247492449"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247492449" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247492449">(Jul 28 2021 at 17:48)</a>:</h4>
<p>I think the difference is that <code>p3</code> is a reborrow of <code>p1</code>, so the tags indicate this nesting structure</p>



<a name="247492455"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247492455" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247492455">(Jul 28 2021 at 17:48)</a>:</h4>
<p>no provenance is <em>everywhere</em> in the Rust aliasing story</p>



<a name="247492520"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247492520" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247492520">(Jul 28 2021 at 17:48)</a>:</h4>
<p>not sure if p1 and p2 have different provenance though</p>



<a name="247495317"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247495317" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247495317">(Jul 28 2021 at 18:07)</a>:</h4>
<p>they will, each <code>&amp;</code> generates a fresh provenance</p>



<a name="247496754"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247496754" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247496754">(Jul 28 2021 at 18:19)</a>:</h4>
<p>is that still the case if you have <code>let p1 = &amp;x; let p2 = p1;</code>?</p>



<a name="247496768"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247496768" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247496768">(Jul 28 2021 at 18:19)</a>:</h4>
<p>does it do an implicit reborrow there?</p>



<a name="247497613"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247497613" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247497613">(Jul 28 2021 at 18:25)</a>:</h4>
<p>hm, I dont know MIR generation entirely by heart</p>



<a name="247497619"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247497619" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247497619">(Jul 28 2021 at 18:25)</a>:</h4>
<p>it's possible it just makes a copy</p>



<a name="247497635"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247497635" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247497635">(Jul 28 2021 at 18:25)</a>:</h4>
<p>(but for mutable references it definitely does a reborrow)</p>



<a name="247502703"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247502703" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247502703">(Jul 28 2021 at 19:02)</a>:</h4>
<p>If it makes a copy, then does that imply that there is an observable difference between that version and the original? Since reborrows of a shared reference don't freeze the reference like mutable references do, I'm not sure what the downstream effects are. Or perhaps there are no observable differences, but in that case the second tag in the <code>(&amp;x, &amp;x)</code> case seems unnecessary.</p>



<a name="247504645"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when%20is%20aliasing%20not%20aliasing%3F/near/247504645" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/when.20is.20aliasing.20not.20aliasing.3F.html#247504645">(Jul 28 2021 at 19:17)</a>:</h4>
<p>I dont think there is a difference. the 2nd tag might be unnecessary but it would be significant effort to <em>not</em> give it a 2nd tag, so why bother?^^</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>